W32.Alcarys.G@mm

W32.Alcarys.G@mm is a worm that is written in Visual Basic. It requires Visual Basic runtime libraries to function on a host system. It uses mIRC and Microsoft Outlook to spread, and it infects Microsoft Office documents and workbooks. The worm will arrive in an email with 1 of 7 randomly chosen subjects, and 4 attachments (all copies of the worm). Three of the attachments are randomly named and the 4th will be DISNEY.SCR.

This worm attempts to distribute itself using files on systems that may be using the Kazaa file-sharing client application.

When W32.Alcarys.G@mm is executed, it copies itself to several different locations on the hard disk and creates many copies of itself. It adds eight copies of itself on the desktop alone. Furthermore, it opens several Internet Explorer windows and it attempts to download an additional executable file.

NOTES:

• The file it attempts to download is not viral; however, it would be easy for the worm's author to replace the file with an infected one.
• Virus Definitions dated prior to June 13, 2002 will detect this as W32.Neysid@mm

Protection

• Initial Rapid Release version June 11, 2002
• Latest Rapid Release version May 18, 2009 revision 053
• Initial Daily Certified version June 11, 2002
• Latest Daily Certified version May 19, 2009 revision 002
• Initial Weekly Certified release date June 11, 2002

Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 - 49
• Number of Sites: 0 - 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low

Distribution

• Distribution Level: High